What personal data do we collect?
Your personal data any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address will be collected and used by us. We will only collect the personal data that we need.
We collect personal data in connection with specific activities such as placing an order, monitoring and guarding services employment etc.
You can give us your personal data by filling in forms on our website, by registering to use our website, participate in, social media functions, entering a competition, promotion or survey or by corresponding with us by phone, email or by joining as or a customer.
This personal data you give us may include name, title, address, date of birth, age, gender, employment status, demographic information, email address, telephone numbers, personal description, photographs, CCTV images, attitudes, opinions, usernames and passwords, key holder details.
Personal data provided by you
This includes information you give when interacting with us, for example registering for monitoring and guarding services, placing an order or communicating with us. For example:
- Personal details (name, date of birth, email, address, telephone, and so on) when you show an interest in a product.
- Financial information payment information such as credit or debit card or direct debit details.
- Your opinions and attitudes about our businesses and services and products.
If you purchase a product details will be recorded and your association with that relationship will be recorded.
We may automatically collect the following information:
- Information about your purchases including but not limited to revenue figures, the types of products purchased, ID, purchase ID, and Renewal ID.
- Contact information provided from you for key holders.
Personal data created by your involvement with us
Your activities and involvement with us will result in personal data being created. This could include details of how you’ve contacted us or how we have contacted you or being involved with our campaigns and activities.
Information we generate
We conduct research and analysis on the information we hold, which can, in turn, generate personal data. For example, by analyzing your interests and involvement with our products we may be able to build a profile that helps us decide which of our communications are likely to interest you. The sections Research and Profiling gives more detail about how we use the information for profiling and targeted advertising.
Information from third parties
We buy anonymous external data from a third party and combine it with your personal data at an aggregated level to build profiles that help us work out what you’re most likely to want to hear from us about and how.
Sensitive personal data
We won’t send marketing emails, letters or make calls to people under the age of 18. We will not send any marketing communications and won’t profile anyone under the age of 18.
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
Your personal data may be collected and used to complete your order or request. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities.
Your privacy is important to us, so we’ll always keep your details secure. We’d like to use your details to keep in touch about things that may matter to you.
If you choose to hear from us we may send you information based on what is most relevant to you or things you’ve told us you like. We’ll only send these to you if you agree to receive them and we will never share your information with companies outside our group of companies we own for inclusion in their marketing. If you agree to receive marketing information from us you can change your mind at a later date by contacting the office via email or telephone on 01773811911 or email@example.com
However, if you tell us you don’t want to receive marketing communications, then you may not hear about offers or other work we do that may be of interest to you.
We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and in line with the requirements set out in the GDPR.
We’d love to stay in touch, but we don’t want to out-stay our welcome. Choose how you would like us to get in touch with you by contacting us.
ZSL Security Systems
1A Market Place
We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send. These are essential to fulfil our promises to you as a customer, or buyer of goods or services:
- Transaction messaging, such as Direct Debit schedules, purchase confirmations
- Mailings such as renewal reminders or change of details in any circumstance.
If you’ve told us that you’re planning to, or thinking about, leaving us, we’ll use the information you give us to keep a record of this – including the purpose of your reason for leaving if you let us know this.
The personal information that is collect includes transactional information (i.e. order number) Renewals, Purchases.
If you’ve agreed that we can contact you for marketing purposes, we may also gather additional information about you from external sources, for example: updates to address and contact information.
Recruitment and employment
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees.
Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
Sensitive personal data
The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
(c) Data about an employee’s criminal convictions will be held as necessary.
Disclosure of personal data to other bodies
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.
To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government
Your data protection rights (DPO)
ZSL Security Systems Ltd is using your personal data on the basis of consent, you have the right to withdraw that consent at any time. You also have the right to ask us to stop using your personal data for direct marketing purposes.
Tell us using the address and contact details above
Subject access rights
If you would like further information on your rights or wish to exercise them, please write to us at ZSL Security Systems Ltd, 1A Market Place, South Normanton, DE55 2BN.
You will be asked to provide the following details:
- The personal information you want to access;
- Where it is likely to be held;
- The date range of the information you wish to access
We will also need you to provide information that will help us confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
What to do if you’re not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping our customers, employees and contractor safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever-changing threat landscape. In addition to this, we follow a defense in the depth security model, which means that your data is protected by multiple layers of security.
Our staff complete mandatory information security and data protection training on employment and annually thereafter to reinforce responsibilities and requirements set out in our information security policies.
When you trust is with your data we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit we minimize the risk of unauthorized access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.
Disclosing and sharing information
When we allow third parties acting on behalf of the company to access to your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it.. We do not sell or share your personal information for other organisations to use.
Personal data collected and processed by us may be shared with the following groups where necessary:
- our service partners
- Third party cloud hosting and IT infrastructure providers who host the website and provide IT support in respect of the website;
Also, under strictly controlled conditions:
- Service Providers providing services to us
Storage of information
Our offices are based in the UK and we store most of our data within the European Union (EU). Some organisations which provide services to us may transfer data outside the European Economic Area but we’ll only allow this if your data is adequately protected.
Payment card Security
ZSL Security Systems Ltd have an active PCI-DSS compliance program in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.
Some of our locations and properties have Closed Circuit Television (CCTV) and you may be recorded when you visit them.
CCTV is used to provide security and protect both our staff and visitors and our company. CCTV will be only be viewed when necessary (e.g. to detect or prevent crime) and footage is stored for set period of time after which it is recorded over. The National Trust complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices so you know when CCTV is used.